In late 2014, an anonymous whistle-blower contacted the German newspaper Suddeutsche Zeitung stating that they had “more data than you have ever seen” in relation to crimes that the person wanted to make public. At this time, it is not publicly known how the whistle-blower was able to send so much data undetected over such a period of time however Bastian Obermayer, the reporter for Suddeutsche Zeitung who was contacted by the whistle-blower, stated that he “learned a lot about making the safe transfer of big files”.
Obermayer indicated that he communicated through various encrypted channels with the whistle-blower who sent the data in chunks until the 2.7 TB were amassed. Suddeutsche Zeitung contacted the ICIJ and the ICIJ created a secure portal where journalists could research the data. Over 400 journalists kept the information a secret until Sunday when over 100 news outlets published the first articles about the data leak.
Earlier, the Mossack Fonseca website told its customers that their email server suffered an unauthorized breach. The company denies any wrongdoing and has published a lengthy rebuttal to the media reports. A spokesperson has stated that the company may pursue legal action against the news agencies for using the information that was obtained illegally.
It appears that you have had unauthorized access to proprietary documents and information taken from our company and have presented and interpreted them out of context. We trust that you are fully aware that using information/documentation unlawfully obtained is a crime, and we will not hesitate to pursue all available criminal and civil remedies.
The one thing that has not been mentioned yet is the data protection liability suit that the 4th largest offshore law firm in the world may have coming in the near future. Target settled its data breach for $100 million… this one is going to be much larger.
While the Cisco CEO says that there are two types of companies, ones that have been hacked and ones that know they’ve been hacked; the cybersecurity future is not completely doom and gloom for businesses. There are some basic things that businesses can do to better protect themselves.
Use endpoint (anti-virus and anti-malware) software on all devices and keep it up-to-date
Protect the business with a firewall that inspects traffic both in and out of the business
Get a vulnerability and penetration assessment
